s3: smb2 server - fix bug 10167 smb2 breaks "smb encryption = mandatory

Refuse an SMB2 tcon on a share wher eencryption is required.
SMB2 doesn't support this.

Signed-off-by: Jeremy Allison <jra@samba.org>

diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c
index 5f0e3a937a3168a27b2034ab7d54571df37474c0..8b955ff96045d06837173e066705eb72f941a06e 100644 (file)
--- a/source3/smbd/smb2_tcon.c
+++ b/source3/smbd/smb2_tcon.c
@@ -207,6 +207,15 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req,
                return NT_STATUS_BAD_NETWORK_NAME;
        }
 
+       /* Don't allow connection if encryption is required. */
+       if (lp_smb_encrypt(snum) == Required) {
+               DEBUG(0,("Connection refused on share %s as encryption is"
+                       " required on this share and SMB2 does not support"
+                       " this.\n",
+                       lp_servicename(snum)));
+               return NT_STATUS_ACCESS_DENIED;
+       }
+
        /* create a new tcon as child of the session */
        tcon = talloc_zero(req->session, struct smbd_smb2_tcon);
        if (tcon == NULL) {